CVE-2024-2626 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 68.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Linux Kernel +1 more

Timeline

PublishedMar 20

Latest updateNov 9

Description

Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5google/chrome123.0.6312.58 — 123.0.6312.58

▶NVDgoogle/chrome< 123.0.6312.58

▶Debianchromium/chromium< 123.0.6312.86-1~deb12u1+2

▶Debianlinux/linux_kernel< 6.1.119-1+1

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

OSV

CVE-2024-50228: In the Linux kernel, the following vulnerability has been resolved: mm: shmem: fix data-race in shmem_getattr() I got the following KCSAN report dur↗2024-11-09

▶

CVEList

CVE-2024-2626: Out of bounds read in Swiftshader in Google Chrome prior to 123↗2024-03-20

▶

GHSA

GHSA-4www-jw36-m87h: Out of bounds read in Swiftshader in Google Chrome prior to 123↗2024-03-20

▶

OSV

CVE-2024-2626: Out of bounds read in Swiftshader in Google Chrome prior to 123↗2024-03-20

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2024-2626↗2024-03-19

▶

Microsoft

Chromium: CVE-2024-2626 Out of bounds read in Swiftshader↗2024-03-12

▶

Debian

CVE-2024-2626: chromium - Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowe...↗2024

▶